diff options
| author |   Yuanjie Huang <yuanjie.huang@windriver.com> | 2017-05-24 02:55:17 -0700 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-05-25 23:57:01 +0100 |
| commit | de04c9811f7ce5179ba261bd8eae921d7873d6cd (patch) | |
| tree | cac60faab76765f7f5e0512322b8974abbef35a9 /meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch | |
| parent | 53b58373c7f64fe5b03f1c90b2a0ec75d6c231a5 (diff) | |
| download | openembedded-core-contrib-de04c9811f7ce5179ba261bd8eae921d7873d6cd.tar.gz | |
binutils: fix CVE-2017-6969 in readelf
CVE: CVE-2017-6969
[BZ 21156] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21156
PR binutils/21156: Fix illegal memory accesses in readelf when
ing a corrupt binary.
PR binutils/21156: Fix another memory access error in readelf when
parsing a corrupt binary.
Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch')
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch new file mode 100644 index 0000000000..ed5403430c --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch @@ -0,0 +1,57 @@ +From 1d9a2696903fc59d6a936f4ab4e4407ef329d066 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Fri, 17 Feb 2017 15:59:45 +0000 +Subject: Fix illegal memory accesses in readelf when parsing + a corrupt binary. + + PR binutils/21156 + * readelf.c (find_section_in_set): Test for invalid section + indicies. + +CVE: CVE-2017-6969 +Upstream-Status: Backport [master] + +Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> +--- + binutils/ChangeLog | 6 ++++++ + binutils/readelf.c | 10 ++++++++-- + 2 files changed, 14 insertions(+), 2 deletions(-) + +diff --git a/binutils/ChangeLog b/binutils/ChangeLog +index bd63c8a0d8..1d840b42f9 100644 +--- a/binutils/ChangeLog ++++ b/binutils/ChangeLog +@@ -1,3 +1,9 @@ ++2017-02-17 Nick Clifton <nickc@redhat.com> ++ ++ PR binutils/21156 ++ * readelf.c (find_section_in_set): Test for invalid section ++ indicies. ++ + 2017-02-13 Nick Clifton <nickc@redhat.com> + + PR binutils/21139 +diff --git a/binutils/readelf.c b/binutils/readelf.c +index 7c158c6342..4960491c5c 100644 +--- a/binutils/readelf.c ++++ b/binutils/readelf.c +@@ -675,8 +675,14 @@ find_section_in_set (const char * name, unsigned int * set) + if (set != NULL) + { + while ((i = *set++) > 0) +- if (streq (SECTION_NAME (section_headers + i), name)) +- return section_headers + i; ++ { ++ /* See PR 21156 for a reproducer. */ ++ if (i >= elf_header.e_shnum) ++ continue; /* FIXME: Should we issue an error message ? */ ++ ++ if (streq (SECTION_NAME (section_headers + i), name)) ++ return section_headers + i; ++ } + } + + return find_section (name); +-- +2.11.0 + |